Malware, phishing, ransomware, hacking…Government agencies have to manage a growing threat landscape that many are not equipped to address. Consider that 88% of agencies have experienced at least one cyberattack in the last two years, while 62% have been the victim of two or more attacks. Reports of breaches or accidental exposure of public records are on the increase.
Public Agencies are at Particular Risk
Because of the relative lack of cybersecurity expertise and their need to stay operational, state and local governments have become a favored target of cybercriminals, especially ransomware operators, because small government agencies are more likely to pay in order to recover from a ransomware attack. In 2019, more than 104 ransomware attacks targeted state and local government organizations, according to data collected by threat intelligence firm Recorded Future. Governments often maintain sensitive data but often depend on legacy technology that was not built to protect against today’s threat environment. Budget issues also impact their ability to bring in digital tools or security talent.
Attacks come in many forms and are often so insidious that by the time they are detected, the damage has been done. The fallout from these attacks is not limited to the disruption to users and financial costs. A municipality can also lose the trust and confidence of its constituents. Agencies and municipalities have to construct a defense against multiple threats.
- Denial of Service attacks that prevent authorized users from accessing the network and their data.
- Ransomware attacks that hold organizations hostage and bring operations to a halt.
- Advanced persistent threats, often through phishing efforts, that allow hackers to move undetected within the network, gathering passwords and sensitive information
- Social engineering attacks through email schemes that expose their agency to cybercriminals.
While some agencies have implemented some threat protections and risk mitigation strategies, many are simply not equipped with the personnel or the technology to beat cybercriminals at their own game. One place to start is with an effort to understand the present state of the security posture. Bring in an expert to identify what your organization is doing well and where vulnerabilities currently exist. A clear, budgeted, plan to get your municipality to the desired security posture is the goal. And don’t ignore training. Cybersecurity training is a relatively cheap measure that could help to harden local governments against ransomware attacks and prepare county workers for election threats.
Looking to test your defenses or to improve your security posture? Contact Radiant Resources and let us help you build cyber resilience to grow with confidence.